From e693c5376522786c7d2c323d9bdf2cbc1e007c3f Mon Sep 17 00:00:00 2001
From: Chong Yidong
Date: Sun, 28 Feb 2010 09:19:31 -0500
Subject: [PATCH] Fix use of unitialized memory.

* charset.c (load_charset_map_from_file) (load_charset_map_from_vector): Zero out allocated charset_map_entries before using them.
---
 src/ChangeLog | 6 ++++++
 src/charset.c | 4 ++++
 2 files changed, 10 insertions(+)

diff --git a/src/ChangeLog b/src/ChangeLog
index b0d6e43a21e..76863f5c997 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2010-02-28 Chong Yidong
+
+ * charset.c (load_charset_map_from_file)
+ (load_charset_map_from_vector): Zero out allocated
+ charset_map_entries before using them.
+
 2010-02-27 Andreas Schwab
 
 * w32uniscribe.c (uniscribe_check_otf): Fix length check.
diff --git a/src/charset.c b/src/charset.c
index 1db9ec17ae7..125c9131687 100644
--- a/src/charset.c
+++ b/src/charset.c
@@ -531,6 +531,7 @@ load_charset_map_from_file (charset, mapfile, control_flag)
 SAFE_ALLOCA (head, struct charset_map_entries *, sizeof (struct charset_map_entries));
 entries = head;
+ bzero (entries, sizeof (struct charset_map_entries));
 n_entries = 0;
 eof = 0;
@@ -557,6 +558,7 @@ load_charset_map_from_file (charset, mapfile, control_flag)
 SAFE_ALLOCA (entries->next, struct charset_map_entries *, sizeof (struct charset_map_entries));
 entries = entries->next;
+ bzero (entries, sizeof (struct charset_map_entries));
 }
 idx = n_entries % 0x10000;
 entries->entry[idx].from = from;
@@ -596,6 +598,7 @@ load_charset_map_from_vector (charset, vec, control_flag)
 SAFE_ALLOCA (head, struct charset_map_entries *, sizeof (struct charset_map_entries));
 entries = head;
+ bzero (entries, sizeof (struct charset_map_entries));
 n_entries = 0;
 for (i = 0; i < len; i += 2)
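Review bot: The four added `bzero` calls carry no comment saying why the chunk must be cleared, and in the hunks at -557 and -632 the next visible statements already assign into it (`entries->entry[idx].from = from;`), so the zeroing reads as redundant work and could be removed by a later cleanup. A short comment at each site, for example `/* SAFE_ALLOCA does not clear the chunk; zero it before use.  */`, would record the intent; which later read consumed the uninitialized fields is not visible in these hunks, so the comment should name it if known. `bzero` is also a legacy BSD interface, and `memset (entries, 0, sizeof *entries);` is the standard spelling that keeps the size tied to the pointer. This applies equally to the hunks at -531, -596 and -632; both function bodies start and end outside the hunks.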
@@ -632,6 +635,7 @@ load_charset_map_from_vector (charset, vec, control_flag)
 SAFE_ALLOCA (entries->next, struct charset_map_entries *, sizeof (struct charset_map_entries));
 entries = entries->next;
+ bzero (entries, sizeof (struct charset_map_entries));
 }
 idx = n_entries % 0x10000;
 entries->entry[idx].from = from;
-- 
2.30.2